Cloud Storage and Security

...

Related work

The research is essential theoretically in the sense that it creates a platform for further research. Inherently, it makes practical measures that should be taken to moderate against data or information privacy and security (Rajnish, 2011). Based on the same note, there are many privacy and security issues that are related to the provision of cloud computing. This study examines the risks that face data privacy and security in the context of cloud computing. There is need for organizations to reduce costs while ensuring that the operational and customer information and data are secure. Cloud computing being a relatively new concept has not been explored extensively. It is hence imperative to examine the issue in view of developing events that result in the loss of information to unauthorized individuals.

Results

The availability of different categories of cloud computing also means that the risks involved are multiple and diverse. The information security concerns related to cloud computing include confidentiality, information integrity, data theft, information loss, data deletion, malicious insiders, account hijacking and data segregation.

Confidentiality

Cloud computing hosts sometimes seek the services of third parties to keep information and data for the clients. The third party may expose or use the information. The confidentiality that is supposed to exist between the host and the client is eroded. .the simple act of availing the third party with the data and information also means that the confidentiality has been breached.

Data Integrity

Data on cloud is easily accessible to people who are information technology knowledgeable. Clouds lack the capacity to distinguish between susceptible data and common information. When such individuals access and view the information, data integrity is lost.

Data Theft

It is common for hosts to rent servers from other providers to lower the costs. Conversely, the risks of data theft by third parties and malicious individuals increase significantly, as data is accessible to many individuals. Sensitive data store in such servers is highly susceptible to theft.

Data Loss

The information in this respect is stored in a remote location by the host but is accessible to the client online. In some occasions, the systems may fail and shut own. This means that the client cannot access the information. Technical problems such as loss of power may lead to complete loss of information.

Data Deletion

In some situations, the client may opt to delete information that is no longer deemed important. The information may still be in the hosts system without the knowledge of the client. This is one of the major challenges for clients who subscribe to cloud services.

Malevolent Insiders

The majority of cloud suppliers hardly reveal data on how workers are granted the right to use records stored within the cloud. In most cases, the client is unaware whether the provider authorizes workers to access their information or not. When such permission is granted, the information can be susceptible to exposure by the employees.

Account Hijacking

The contemporary technology is complex. The complexity works for clients, providers and hackers alike. A hacker can easily access a cloud and take over a client’s account. Once the access is gained, the hacker can control and take confidential information. A client would never like information or data to be taken by an unauthorized person.

Data segregation

In the cloud system, information can be placed on a private or shared mode. For effective management and modification of data and information, it is usually rational to place the date on the shared mode to allow authorized personnel access the information. However, in the shared mode, unendorsed people can easily get the right to use the data. In this regard, private information in shared mode can be easily accessed or seen by others.

Personal data and information that may be at risk on the internet is not restricted to the information readily given by clients to the provider. The information captured by providers of cloud service through the observation of clients’ habits may also be at risk. The information is typically captured through computer cookies. Cookies are particularly interesting to online advertising. The capturing of sensitive information in transit may expose the user to malicious individuals. The cookies have the capacity to store information including website preferences and unencrypted data during transit.

Security and privacy risks associated with cloud computing should primarily be assessed on two variables. The criticality of the user processes that require to be supported on cloud systems is one of the variables (Anthony, 2011). In case the records that require cloud support are sensitive, then the level of service provision demands the client and provider to ensure due diligence as the second variable. This will guarantee the integrity and confidentiality of the information. These conditions hence require appropriate measure to be taken. The measures that should be taken prior to engaging the service can be categorized into three types. There are low, medium and high risks to the security and privacy of information and data (Kroll, 2013). In the low risks category, the clouding service sought does not touch on the critical organizational mission. This means that in case of disclose or theft of information and data, the organization will not suffer irrecoverable financial damage.

Information and data in the medium risk category entails information that can be accessed easily. However, this information demands higher level of service. The information may include data captured from web-conferencing or non-confidential organizational financial data. High-risk information available to be stored in cloud comprises of information vital to the organizational mission. This information may include confidential financial data. The disclosure of such information to unauthorized individuals is detrimental to the operations of the organization (Gold, 2012).

Recommendations

Every organization should undertake measures to warrant the security and privacy of data gathered from both operations and clients. This is based on the increasing